by zikzikzik 4803 days ago
No, the whole problem is an HTTP server (ANY HTTP server, serving ANY content) listening on port 80.

Once the TCP connection is accepted on port 80, "dumb" clients (like curl) can just come barging through the door shouting plaintext auth credentials without knocking first, and no HTTP server can stop them from doing that (because that is how the HTTP protocol works).

The only way to stop them from doing that is rejecting connections on port 80. (Dropping packets looks even more like service outage, which was mentioned.)

1 comments

The author made this seem outlandish, but really it's a reasonable and easily done way to go about things. Just have a special subdomain for your API (I don't know, api.*.com) and only listen on 443 with it. Done.
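As an added example (not from either commenter), the following Python script demonstrates both points above: a redirect-only listener standing in for port 80 has already read a "dumb" client's Basic-auth credentials by the time it answers, and a port with nothing listening is the only configuration where the client never gets to send them. It uses ephemeral loopback ports instead of 80 so it runs unprivileged, and the credentials and path are constructed.

```python
import base64
import socket
import threading
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, HTTPServer

class RedirectOnlyHandler(BaseHTTPRequestHandler):
    seen_authorization = []  # what the server had read before it could respond

    def do_GET(self):
        # Headers are parsed before do_GET runs: the credentials are already on the wire in the clear.
        auth = self.headers.get("Authorization")
        if auth is not None:
            self.seen_authorization.append(auth)
        self.send_response(301)
        self.send_header("Location", "https://%s%s" % (self.headers.get("Host", "localhost"), self.path))
        self.end_headers()

    def log_message(self, *args):  # keep the example quiet
        pass

def credentials_leaked_despite_redirect(user="alice", password="s3cret"):
    """Send one request with constructed Basic-auth credentials, as a 'dumb'
    client does, to a redirect-only listener; return (status, what it saw)."""
    server = HTTPServer(("127.0.0.1", 0), RedirectOnlyHandler)  # stand-in for :80
    server.timeout = 5
    threading.Thread(target=server.handle_request, daemon=True).start()
    token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    conn = HTTPConnection("127.0.0.1", server.server_address[1], timeout=5)
    conn.request("GET", "/v1/resource", headers={"Authorization": "Basic " + token})
    status = conn.getresponse().status
    conn.close()
    server.server_close()
    seen = RedirectOnlyHandler.seen_authorization
    leaked = base64.b64decode(seen[-1].split()[1]).decode() if seen else None
    return status, leaked

def unused_local_port():
    """Pick a loopback port with no listener, standing in for a closed port 80."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def port_refuses_connections(host, port, timeout=2.0):
    """The reply's mitigation: nothing listening means the TCP handshake fails
    and the client never gets to send a request, credentials included."""
    with socket.socket() as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) != 0
```

Running `credentials_leaked_despite_redirect()` returns the 301 together with `alice:s3cret`, which is exactly what the redirect did not prevent; `port_refuses_connections` is the check to run against your API hostname on port 80 after moving it to 443 only.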